Merge pull request #5439 from MrPetovan/task/5410-remove-dbesc
Move DBA to src/ part 4.1: Remove dbesc()
413424064c
80 changed files with 674 additions and 687 deletions
20
mod/acl.php
20
mod/acl.php
|
@ -36,8 +36,8 @@ function acl_content(App $a)
|
|||
logger("Searching for ".$search." - type ".$type." conversation ".$conv_id, LOGGER_DEBUG);
|
||||
|
||||
if ($search != '') {
|
||||
$sql_extra = "AND `name` LIKE '%%" . dbesc($search) . "%%'";
|
||||
$sql_extra2 = "AND (`attag` LIKE '%%" . dbesc($search) . "%%' OR `name` LIKE '%%" . dbesc($search) . "%%' OR `nick` LIKE '%%" . dbesc($search) . "%%')";
|
||||
$sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
|
||||
$sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')";
|
||||
} else {
|
||||
/// @TODO Avoid these needless else blocks by putting variable-initialization atop of if()
|
||||
$sql_extra = $sql_extra2 = '';
|
||||
|
@ -84,8 +84,8 @@ function acl_content(App $a)
|
|||
AND `success_update` >= `failure_update`
|
||||
AND `network` IN ('%s', '%s') $sql_extra2",
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA)
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA)
|
||||
);
|
||||
$contact_count = (int) $r[0]['c'];
|
||||
} elseif ($type == 'a') {
|
||||
|
@ -143,8 +143,8 @@ function acl_content(App $a)
|
|||
$sql_extra2
|
||||
ORDER BY `name` ASC ",
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
dbesc(NETWORK_STATUSNET)
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_STATUSNET)
|
||||
);
|
||||
} elseif ($type == 'c') {
|
||||
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
|
||||
|
@ -153,7 +153,7 @@ function acl_content(App $a)
|
|||
$sql_extra2
|
||||
ORDER BY `name` ASC ",
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_STATUSNET)
|
||||
DBA::escape(NETWORK_STATUSNET)
|
||||
);
|
||||
} elseif ($type == 'f') {
|
||||
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
|
||||
|
@ -163,7 +163,7 @@ function acl_content(App $a)
|
|||
$sql_extra2
|
||||
ORDER BY `name` ASC ",
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_STATUSNET)
|
||||
DBA::escape(NETWORK_STATUSNET)
|
||||
);
|
||||
} elseif ($type == 'm') {
|
||||
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
|
||||
|
@ -172,8 +172,8 @@ function acl_content(App $a)
|
|||
$sql_extra2
|
||||
ORDER BY `name` ASC ",
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA)
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA)
|
||||
);
|
||||
} elseif ($type == 'a') {
|
||||
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
|
||||
|
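Review bot: `DBA::escape($search)` in the two `$sql_extra` assignments of acl_content keeps the string literal intact but leaves the LIKE metacharacters `%` and `_` in the user-supplied term active, so a search is interpreted as a pattern rather than matched literally; this is pre-existing behaviour that the rename preserves. If literal matching is intended, escape those characters before the SQL escape and compute the value once, e.g. `$term = DBA::escape(addcslashes($search, '%_'));`, then use `$term` in both fragments, which also removes the four repeated calls. The `%%` in these fragments is still needed because the assembled query goes through `q()`'s sprintf. acl_content continues outside the hunks.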
|
|
@ -816,7 +816,7 @@ function admin_page_workerqueue(App $a)
|
|||
function admin_page_summary(App $a)
|
||||
{
|
||||
// are there MyISAM tables in the DB? If so, trigger a warning message
|
||||
$r = q("SELECT `engine` FROM `information_schema`.`tables` WHERE `engine` = 'myisam' AND `table_schema` = '%s' LIMIT 1", dbesc(DBA::databaseName()));
|
||||
$r = q("SELECT `engine` FROM `information_schema`.`tables` WHERE `engine` = 'myisam' AND `table_schema` = '%s' LIMIT 1", DBA::escape(DBA::databaseName()));
|
||||
$showwarning = false;
|
||||
$warningtext = [];
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -949,8 +949,8 @@ function admin_page_site_post(App $a)
|
|||
|
||||
function update_table($table_name, $fields, $old_url, $new_url)
|
||||
{
|
||||
$dbold = dbesc($old_url);
|
||||
$dbnew = dbesc($new_url);
|
||||
$dbold = DBA::escape($old_url);
|
||||
$dbnew = DBA::escape($new_url);
|
||||
|
||||
$upd = [];
|
||||
foreach ($fields as $f) {
|
||||
|
|
|
@ -20,7 +20,7 @@ function oauth_get_client($request)
|
|||
$r = q("SELECT `clients`.*
|
||||
FROM `clients`, `tokens`
|
||||
WHERE `clients`.`client_id`=`tokens`.`client_id`
|
||||
AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", dbesc($token));
|
||||
AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
return null;
|
||||
|
|
|
@ -32,7 +32,7 @@ function attach_init(App $a)
|
|||
// Now we'll see if we can access the attachment
|
||||
|
||||
$r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
|
||||
dbesc($item_id)
|
||||
DBA::escape($item_id)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
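Review bot: `DBA::escape($item_id)` feeds a `'%d'` placeholder, so a string escaper is applied to what the query treats as an integer, and the quotes around `%d` are unnecessary. Elsewhere in this commit integer ids go through `intval()` (for example `intval($profile_id)` in contacts.php), so `intval($item_id)` with `WHERE \`id\` = %d` would be consistent. sprintf casts the value either way, so this is a style point only. attach_init continues outside the hunk.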
|
|
@ -216,11 +216,11 @@ function contacts_post(App $a)
|
|||
`ffi_keyword_blacklist` = '%s' WHERE `id` = %d AND `uid` = %d",
|
||||
intval($profile_id),
|
||||
intval($priority),
|
||||
dbesc($info),
|
||||
DBA::escape($info),
|
||||
intval($hidden),
|
||||
intval($notify),
|
||||
intval($fetch_further_information),
|
||||
dbesc($ffi_keyword_blacklist),
|
||||
DBA::escape($ffi_keyword_blacklist),
|
||||
intval($contact_id),
|
||||
intval(local_user())
|
||||
);
|
||||
|
@ -308,7 +308,7 @@ function _contact_update_profile($contact_id)
|
|||
$query .= ", ";
|
||||
}
|
||||
|
||||
$query .= "`" . $key . "` = '" . dbesc($value) . "'";
|
||||
$query .= "`" . $key . "` = '" . DBA::escape($value) . "'";
|
||||
}
|
||||
|
||||
if ($query == "") {
|
||||
|
@ -773,12 +773,12 @@ function contacts_content(App $a)
|
|||
if ($search) {
|
||||
$searching = true;
|
||||
$search_hdr = $search;
|
||||
$search_txt = dbesc(protect_sprintf(preg_quote($search)));
|
||||
$search_txt = DBA::escape(protect_sprintf(preg_quote($search)));
|
||||
$sql_extra .= " AND (name REGEXP '$search_txt' OR url REGEXP '$search_txt' OR nick REGEXP '$search_txt') ";
|
||||
}
|
||||
|
||||
if ($nets) {
|
||||
$sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets));
|
||||
$sql_extra .= sprintf(" AND network = '%s' ", DBA::escape($nets));
|
||||
}
|
||||
|
||||
$sql_extra2 = ((($sort_type > 0) && ($sort_type <= CONTACT_IS_FRIEND)) ? sprintf(" AND `rel` = %d ", intval($sort_type)) : '');
|
||||
|
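Review bot: In `_contact_update_profile` only `$value` is escaped; `$key` is interpolated as a column identifier between backticks, which `DBA::escape()` does not cover because identifier quoting is not string quoting. If `$key` can only come from a fixed set of field names this is fine, but that set is not visible in the hunk, so either a whitelist such as `if (!in_array($key, $allowed_fields, true)) { continue; }` or a comment naming where the keys are validated would make the trust boundary explicit. The function starts and ends outside the hunk.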
|
|
@ -64,15 +64,15 @@ function crepair_post(App $a)
|
|||
|
||||
$r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `nurl` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' , `remote_self` = %d
|
||||
WHERE `id` = %d AND `uid` = %d",
|
||||
dbesc($name),
|
||||
dbesc($nick),
|
||||
dbesc($url),
|
||||
dbesc($nurl),
|
||||
dbesc($request),
|
||||
dbesc($confirm),
|
||||
dbesc($notify),
|
||||
dbesc($poll),
|
||||
dbesc($attag),
|
||||
DBA::escape($name),
|
||||
DBA::escape($nick),
|
||||
DBA::escape($url),
|
||||
DBA::escape($nurl),
|
||||
DBA::escape($request),
|
||||
DBA::escape($confirm),
|
||||
DBA::escape($notify),
|
||||
DBA::escape($poll),
|
||||
DBA::escape($attag),
|
||||
intval($remote_self),
|
||||
intval($contact['id']),
|
||||
local_user()
|
||||
|
|
|
@ -110,14 +110,14 @@ function delegate_content(App $a)
|
|||
AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s'
|
||||
AND `uid` = %d
|
||||
AND `network` = '%s' ",
|
||||
dbesc(normalise_link(System::baseUrl())),
|
||||
DBA::escape(normalise_link(System::baseUrl())),
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_DFRN)
|
||||
DBA::escape(NETWORK_DFRN)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$nicknames = [];
|
||||
foreach ($r as $rr) {
|
||||
$nicknames[] = "'" . dbesc(basename($rr['nurl'])) . "'";
|
||||
$nicknames[] = "'" . DBA::escape(basename($rr['nurl'])) . "'";
|
||||
}
|
||||
|
||||
$nicks = implode(',', $nicknames);
|
||||
|
|
|
@ -117,7 +117,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
AND `uid` = %d
|
||||
AND `duplex` = 0
|
||||
LIMIT 1",
|
||||
dbesc($dfrn_id),
|
||||
DBA::escape($dfrn_id),
|
||||
intval($cid),
|
||||
intval($uid)
|
||||
);
|
||||
|
@ -157,7 +157,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
|
||||
// Save the private key. Send them the public key.
|
||||
q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d",
|
||||
dbesc($private_key),
|
||||
DBA::escape($private_key),
|
||||
intval($contact_id),
|
||||
intval($uid)
|
||||
);
|
||||
|
@ -261,7 +261,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
// birthday paradox - generate new dfrn-id and fall through.
|
||||
$new_dfrn_id = random_string();
|
||||
q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
|
||||
dbesc($new_dfrn_id),
|
||||
DBA::escape($new_dfrn_id),
|
||||
intval($contact_id),
|
||||
intval($uid)
|
||||
);
|
||||
|
@ -324,11 +324,11 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
`network` = '%s' WHERE `id` = %d
|
||||
",
|
||||
intval($new_relation),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
intval($duplex),
|
||||
intval($hidden),
|
||||
dbesc(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
intval($contact_id)
|
||||
);
|
||||
} else {
|
||||
|
@ -372,12 +372,12 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
`rel` = %d
|
||||
WHERE `id` = %d
|
||||
",
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc($addr),
|
||||
dbesc($notify),
|
||||
dbesc($poll),
|
||||
dbesc($network),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape($addr),
|
||||
DBA::escape($notify),
|
||||
DBA::escape($poll),
|
||||
DBA::escape($network),
|
||||
intval($writable),
|
||||
intval($hidden),
|
||||
intval($new_relation),
|
||||
|
@ -517,8 +517,8 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
}
|
||||
|
||||
$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d",
|
||||
dbesc($decrypted_dfrn_id),
|
||||
dbesc($dfrn_pubkey),
|
||||
DBA::escape($decrypted_dfrn_id),
|
||||
DBA::escape($dfrn_pubkey),
|
||||
intval($dfrn_record)
|
||||
);
|
||||
if (!DBA::isResult($r)) {
|
||||
|
@ -568,12 +568,12 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
|||
`network` = '%s' WHERE `id` = %d
|
||||
",
|
||||
intval($new_relation),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
intval($duplex),
|
||||
intval($forum),
|
||||
intval($prv),
|
||||
dbesc(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
intval($dfrn_record)
|
||||
);
|
||||
if (!DBA::isResult($r)) { // indicates schema is messed up or total db failure
|
||||
|
|
|
@ -74,13 +74,13 @@ function dfrn_notify_post(App $a) {
|
|||
$sql_extra = '';
|
||||
switch ($direction) {
|
||||
case (-1):
|
||||
$sql_extra = sprintf(" AND ( `issued-id` = '%s' OR `dfrn-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND ( `issued-id` = '%s' OR `dfrn-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
|
||||
break;
|
||||
case 0:
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
break;
|
||||
case 1:
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
break;
|
||||
default:
|
||||
System::xmlExit(3, 'Invalid direction');
|
||||
|
@ -104,7 +104,7 @@ function dfrn_notify_post(App $a) {
|
|||
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
|
||||
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||
AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 AND `user`.`account_removed` = 0 $sql_extra LIMIT 1",
|
||||
dbesc($a->argv[1])
|
||||
DBA::escape($a->argv[1])
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
@ -312,15 +312,15 @@ function dfrn_notify_content(App $a) {
|
|||
$sql_extra = '';
|
||||
switch($direction) {
|
||||
case (-1):
|
||||
$sql_extra = sprintf(" AND (`issued-id` = '%s' OR `dfrn-id` = '%s') ", dbesc($dfrn_id), dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND (`issued-id` = '%s' OR `dfrn-id` = '%s') ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
|
||||
$my_id = $dfrn_id;
|
||||
break;
|
||||
case 0:
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '1:' . $dfrn_id;
|
||||
break;
|
||||
case 1:
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '0:' . $dfrn_id;
|
||||
break;
|
||||
default:
|
||||
|
@ -331,7 +331,7 @@ function dfrn_notify_content(App $a) {
|
|||
$r = q("SELECT `contact`.*, `user`.`nickname`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
|
||||
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s'
|
||||
AND `user`.`account_expired` = 0 AND `user`.`account_removed` = 0 $sql_extra LIMIT 1",
|
||||
dbesc($a->argv[1])
|
||||
DBA::escape($a->argv[1])
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
|
|
@ -56,7 +56,7 @@ function dfrn_poll_init(App $a)
|
|||
$user = '';
|
||||
if ($a->argc > 1) {
|
||||
$r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
|
||||
dbesc($a->argv[1])
|
||||
DBA::escape($a->argv[1])
|
||||
);
|
||||
if (!$r) {
|
||||
System::httpExit(404);
|
||||
|
@ -77,15 +77,15 @@ function dfrn_poll_init(App $a)
|
|||
$sql_extra = '';
|
||||
switch ($direction) {
|
||||
case -1:
|
||||
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
|
||||
$my_id = $dfrn_id;
|
||||
break;
|
||||
case 0:
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '1:' . $dfrn_id;
|
||||
break;
|
||||
case 1:
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '0:' . $dfrn_id;
|
||||
break;
|
||||
default:
|
||||
|
@ -97,7 +97,7 @@ function dfrn_poll_init(App $a)
|
|||
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
|
||||
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
|
||||
dbesc($a->argv[1])
|
||||
DBA::escape($a->argv[1])
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -129,8 +129,8 @@ function dfrn_poll_init(App $a)
|
|||
$session_id = session_id();
|
||||
$expire = time() + 86400;
|
||||
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
|
||||
dbesc($expire),
|
||||
dbesc($session_id)
|
||||
DBA::escape($expire),
|
||||
DBA::escape($session_id)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -144,7 +144,7 @@ function dfrn_poll_init(App $a)
|
|||
if ((strlen($challenge)) && (strlen($sec))) {
|
||||
DBA::delete('profile_check', ["`expire` < ?", time()]);
|
||||
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
|
||||
dbesc($sec)
|
||||
DBA::escape($sec)
|
||||
);
|
||||
if (!DBA::isResult($r)) {
|
||||
System::xmlExit(3, 'No ticket');
|
||||
|
@ -209,7 +209,7 @@ function dfrn_poll_init(App $a)
|
|||
|
||||
DBA::delete('profile_check', ["`expire` < ?", time()]);
|
||||
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
|
||||
dbesc($dfrn_id));
|
||||
DBA::escape($dfrn_id));
|
||||
if (DBA::isResult($r)) {
|
||||
System::xmlExit(1);
|
||||
return; // NOTREACHED
|
||||
|
@ -236,7 +236,7 @@ function dfrn_poll_post(App $a)
|
|||
|
||||
DBA::delete('profile_check', ["`expire` < ?", time()]);
|
||||
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
|
||||
dbesc($sec)
|
||||
DBA::escape($sec)
|
||||
);
|
||||
if (!DBA::isResult($r)) {
|
||||
System::xmlExit(3, 'No ticket');
|
||||
|
@ -296,8 +296,8 @@ function dfrn_poll_post(App $a)
|
|||
}
|
||||
|
||||
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
|
||||
dbesc($dfrn_id),
|
||||
dbesc($challenge)
|
||||
DBA::escape($dfrn_id),
|
||||
DBA::escape($challenge)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
@ -312,15 +312,15 @@ function dfrn_poll_post(App $a)
|
|||
$sql_extra = '';
|
||||
switch ($direction) {
|
||||
case -1:
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
|
||||
$my_id = $dfrn_id;
|
||||
break;
|
||||
case 0:
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '1:' . $dfrn_id;
|
||||
break;
|
||||
case 1:
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '0:' . $dfrn_id;
|
||||
break;
|
||||
default:
|
||||
|
@ -339,7 +339,7 @@ function dfrn_poll_post(App $a)
|
|||
|
||||
if ($type === 'reputation' && strlen($url)) {
|
||||
$r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($url),
|
||||
DBA::escape($url),
|
||||
intval($owner_uid)
|
||||
);
|
||||
$reputation = 0;
|
||||
|
@ -417,11 +417,11 @@ function dfrn_poll_content(App $a)
|
|||
if ($type !== 'profile') {
|
||||
$r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
|
||||
VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
|
||||
dbesc($hash),
|
||||
dbesc($dfrn_id),
|
||||
DBA::escape($hash),
|
||||
DBA::escape($dfrn_id),
|
||||
intval(time() + 60 ),
|
||||
dbesc($type),
|
||||
dbesc($last_update)
|
||||
DBA::escape($type),
|
||||
DBA::escape($last_update)
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -429,19 +429,19 @@ function dfrn_poll_content(App $a)
|
|||
switch ($direction) {
|
||||
case -1:
|
||||
if ($type === 'profile') {
|
||||
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
|
||||
} else {
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
|
||||
}
|
||||
|
||||
$my_id = $dfrn_id;
|
||||
break;
|
||||
case 0:
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '1:' . $dfrn_id;
|
||||
break;
|
||||
case 1:
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
|
||||
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
|
||||
$my_id = '0:' . $dfrn_id;
|
||||
break;
|
||||
default:
|
||||
|
@ -455,7 +455,7 @@ function dfrn_poll_content(App $a)
|
|||
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
|
||||
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
|
||||
dbesc($nickname)
|
||||
DBA::escape($nickname)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$challenge = '';
|
||||
|
@ -546,8 +546,8 @@ function dfrn_poll_content(App $a)
|
|||
$session_id = session_id();
|
||||
$expire = time() + 86400;
|
||||
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
|
||||
dbesc($expire),
|
||||
dbesc($session_id)
|
||||
DBA::escape($expire),
|
||||
DBA::escape($session_id)
|
||||
);
|
||||
}
|
||||
|
||||
|
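Review bot: `DBA::escape($expire)` in `dfrn_poll_init`, and the identical statement in `dfrn_poll_content`, runs an integer produced by `time() + 86400` through the string escaper and binds it to a `'%s'` slot; `intval($expire)` with `\`expire\` = %d` would match how the other integer arguments in this file are handled. Behaviour is unchanged by the rename, so this is a consistency point. Both enclosing functions extend outside their hunks.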
|
|
@ -84,7 +84,7 @@ function dfrn_request_post(App $a)
|
|||
// Lookup the contact based on their URL (which is the only unique thing we have at the moment)
|
||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc(normalise_link($dfrn_url))
|
||||
DBA::escape(normalise_link($dfrn_url))
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -137,8 +137,8 @@ function dfrn_request_post(App $a)
|
|||
VALUES ( %d, '%s', '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d)",
|
||||
intval(local_user()),
|
||||
DateTimeFormat::utcNow(),
|
||||
dbesc($dfrn_url),
|
||||
dbesc(normalise_link($dfrn_url)),
|
||||
DBA::escape($dfrn_url),
|
||||
DBA::escape(normalise_link($dfrn_url)),
|
||||
$parms['addr'],
|
||||
$parms['fn'],
|
||||
$parms['nick'],
|
||||
|
@ -149,7 +149,7 @@ function dfrn_request_post(App $a)
|
|||
$parms['dfrn-notify'],
|
||||
$parms['dfrn-poll'],
|
||||
$parms['dfrn-poco'],
|
||||
dbesc(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
intval($aes_allow),
|
||||
intval($hidden),
|
||||
intval($blocked),
|
||||
|
@ -163,7 +163,7 @@ function dfrn_request_post(App $a)
|
|||
|
||||
$r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($dfrn_url),
|
||||
DBA::escape($dfrn_url),
|
||||
$parms['key'] // this was already escaped
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -239,7 +239,7 @@ function dfrn_request_post(App $a)
|
|||
// Block friend request spam
|
||||
if ($maxreq) {
|
||||
$r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
|
||||
dbesc(DateTimeFormat::utc('now - 24 hours')),
|
||||
DBA::escape(DateTimeFormat::utc('now - 24 hours')),
|
||||
intval($uid)
|
||||
);
|
||||
if (DBA::isResult($r) && count($r) > $maxreq) {
|
||||
|
@ -302,7 +302,7 @@ function dfrn_request_post(App $a)
|
|||
if ($network === NETWORK_DFRN) {
|
||||
$ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
|
||||
intval($uid),
|
||||
dbesc($url)
|
||||
DBA::escape($url)
|
||||
);
|
||||
|
||||
if (DBA::isResult($ret)) {
|
||||
|
@ -324,7 +324,7 @@ function dfrn_request_post(App $a)
|
|||
// There is a contact record but no issued-id, so this
|
||||
// is a reciprocal introduction from a known contact
|
||||
$r = q("UPDATE `contact` SET `issued-id` = '%s' WHERE `id` = %d",
|
||||
dbesc($issued_id),
|
||||
DBA::escape($issued_id),
|
||||
intval($contact_record['id'])
|
||||
);
|
||||
} else {
|
||||
|
@ -376,9 +376,9 @@ function dfrn_request_post(App $a)
|
|||
`request`, `confirm`, `notify`, `poll`, `poco`, `network`, `blocked`, `pending` )
|
||||
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
|
||||
intval($uid),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
$parms['url'],
|
||||
dbesc(normalise_link($url)),
|
||||
DBA::escape(normalise_link($url)),
|
||||
$parms['addr'],
|
||||
$parms['fn'],
|
||||
$parms['nick'],
|
||||
|
@ -390,7 +390,7 @@ function dfrn_request_post(App $a)
|
|||
$parms['dfrn-notify'],
|
||||
$parms['dfrn-poll'],
|
||||
$parms['dfrn-poco'],
|
||||
dbesc(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
intval($blocked),
|
||||
intval($pending)
|
||||
);
|
||||
|
@ -422,9 +422,9 @@ function dfrn_request_post(App $a)
|
|||
intval($uid),
|
||||
intval($contact_record['id']),
|
||||
((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
|
||||
dbesc(notags(trim($_POST['dfrn-request-message']))),
|
||||
dbesc($hash),
|
||||
dbesc(DateTimeFormat::utcNow())
|
||||
DBA::escape(notags(trim($_POST['dfrn-request-message']))),
|
||||
DBA::escape($hash),
|
||||
DBA::escape(DateTimeFormat::utcNow())
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -534,7 +534,7 @@ function dfrn_request_content(App $a)
|
|||
// We could just unblock it, but first we have to jump through a few hoops to
|
||||
// send an email, or even to find out if we need to send an email.
|
||||
$intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1",
|
||||
dbesc($_GET['confirm_key'])
|
||||
DBA::escape($_GET['confirm_key'])
|
||||
);
|
||||
|
||||
if (DBA::isResult($intro)) {
|
||||
|
@ -586,7 +586,7 @@ function dfrn_request_content(App $a)
|
|||
// in dfrn_confirm_post()
|
||||
|
||||
$r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s'",
|
||||
dbesc($_GET['confirm_key'])
|
||||
DBA::escape($_GET['confirm_key'])
|
||||
);
|
||||
}
|
||||
}
|
||||
|
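Review bot: The INSERT in `dfrn_request_post` mixes escape-at-call-site arguments (`DBA::escape($dfrn_url)`) with `$parms[...]` values passed raw, which per the `// this was already escaped` comment further down are assumed to have been escaped earlier. That convention is not checked anywhere visible in the hunk and is easy to break when the producer of `$parms` changes; a comment above the query such as `// $parms values are pre-escaped upstream; do not escape twice` would document it, and moving the statement to `DBA::insert()` with an array would remove the question entirely. The function starts and ends outside the hunks.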
|
|
@ -60,7 +60,7 @@ function directory_content(App $a)
|
|||
}
|
||||
|
||||
if ($search) {
|
||||
$search = dbesc($search);
|
||||
$search = DBA::escape($search);
|
||||
|
||||
$sql_extra = " AND ((`profile`.`name` LIKE '%$search%') OR
|
||||
(`user`.`nickname` LIKE '%$search%') OR
|
||||
|
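Review bot: `$search = DBA::escape($search);` overwrites the variable with its SQL-escaped form, so any later use of `$search` outside the query (echoing the term back into the page, for instance) would carry the escaped text; assigning to a separate name, e.g. `$search_esc = DBA::escape($search);`, and using that in `$sql_extra` avoids the aliasing. The `LIKE '%$search%'` fragments also leave `%` and `_` in the term active as wildcards, which is pre-existing. directory_content continues outside the hunk.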
|
|
@ -118,9 +118,9 @@ function dirfind_content(App $a, $prefix = "") {
|
|||
((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND
|
||||
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
|
||||
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
|
||||
dbesc(NETWORK_DFRN), dbesc($ostatus), dbesc($diaspora),
|
||||
dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)),
|
||||
dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)));
|
||||
DBA::escape(NETWORK_DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
|
||||
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
|
||||
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)));
|
||||
|
||||
$results = q("SELECT `nurl`
|
||||
FROM `gcontact`
|
||||
|
@ -130,9 +130,9 @@ function dirfind_content(App $a, $prefix = "") {
|
|||
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql
|
||||
GROUP BY `nurl`
|
||||
ORDER BY `updated` DESC LIMIT %d, %d",
|
||||
dbesc(NETWORK_DFRN), dbesc($ostatus), dbesc($diaspora),
|
||||
dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)),
|
||||
dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)),
|
||||
DBA::escape(NETWORK_DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
|
||||
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
|
||||
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
|
||||
intval($startrec), intval($perpage));
|
||||
$j = new stdClass();
|
||||
$j->total = $count[0]["total"];
|
||||
|
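Review bot: `DBA::escape(escape_tags($search2))` is evaluated six times per query and twelve times across the two queries in `dirfind_content`; hoisting it once, e.g. `$search_esc = DBA::escape(escape_tags($search2));`, and passing `$search_esc` to each `'%s'` slot keeps the escaping in one place and makes it obvious that every LIKE operand went through it. Because these are LIKE operands, `%` and `_` in the term remain wildcards after escaping, which is pre-existing but worth a note if literal matching is intended. The function extends beyond both hunks.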
|
|
@ -39,8 +39,8 @@ function fbrowser_content(App $a)
|
|||
if ($a->argc==2) {
|
||||
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' ",
|
||||
intval(local_user()),
|
||||
dbesc('Contact Photos'),
|
||||
dbesc(L10n::t('Contact Photos'))
|
||||
DBA::escape('Contact Photos'),
|
||||
DBA::escape(L10n::t('Contact Photos'))
|
||||
);
|
||||
|
||||
function _map_folder1($el)
|
||||
|
@ -54,7 +54,7 @@ function fbrowser_content(App $a)
|
|||
$album = "";
|
||||
if ($a->argc==3) {
|
||||
$album = hex2bin($a->argv[2]);
|
||||
$sql_extra = sprintf("AND `album` = '%s' ", dbesc($album));
|
||||
$sql_extra = sprintf("AND `album` = '%s' ", DBA::escape($album));
|
||||
$sql_extra2 = "";
|
||||
$path[]=[$a->argv[2], $album];
|
||||
}
|
||||
|
@ -64,8 +64,8 @@ function fbrowser_content(App $a)
|
|||
FROM `photo` WHERE `uid` = %d $sql_extra AND `album` != '%s' AND `album` != '%s'
|
||||
GROUP BY `resource-id` $sql_extra2",
|
||||
intval(local_user()),
|
||||
dbesc('Contact Photos'),
|
||||
dbesc(L10n::t('Contact Photos'))
|
||||
DBA::escape('Contact Photos'),
|
||||
DBA::escape(L10n::t('Contact Photos'))
|
||||
);
|
||||
|
||||
function _map_files1($rr)
|
||||
|
@ -77,7 +77,7 @@ function fbrowser_content(App $a)
|
|||
|
||||
// Take the largest picture that is smaller or equal 640 pixels
|
||||
$p = q("SELECT `scale` FROM `photo` WHERE `resource-id` = '%s' AND `height` <= 640 AND `width` <= 640 ORDER BY `resource-id`, `scale` LIMIT 1",
|
||||
dbesc($rr['resource-id']));
|
||||
DBA::escape($rr['resource-id']));
|
||||
if ($p) {
|
||||
$scale = $p[0]["scale"];
|
||||
} else {
|
||||
|
|
|
@ -65,8 +65,8 @@ function follow_content(App $a)
|
|||
$r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND
|
||||
(`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND
|
||||
`network` != '%s' LIMIT 1",
|
||||
intval(local_user()), dbesc(CONTACT_IS_FOLLOWER), dbesc(NETWORK_DFRN), dbesc(normalise_link($url)),
|
||||
dbesc(normalise_link($url)), dbesc($url), dbesc(NETWORK_STATUSNET));
|
||||
intval(local_user()), DBA::escape(CONTACT_IS_FOLLOWER), DBA::escape(NETWORK_DFRN), DBA::escape(normalise_link($url)),
|
||||
DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(NETWORK_STATUSNET));
|
||||
|
||||
if ($r) {
|
||||
if ($r[0]['pending']) {
|
||||
|
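Review bot: `DBA::escape(CONTACT_IS_FOLLOWER)` feeds the `%d` placeholder for `rel`; the constant is an integer, and `intval(CONTACT_IS_FOLLOWER)` would match the adjacent `intval(local_user())` instead of routing a number through the string escaper. sprintf casts the result anyway, so no behaviour changes; this is a consistency point. follow_content continues outside the hunk.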
|
|
@ -17,12 +17,12 @@ function friendica_init(App $a)
|
|||
|
||||
$sql_extra = '';
|
||||
if (x($a->config, 'admin_nickname')) {
|
||||
$sql_extra = sprintf(" AND `nickname` = '%s' ", dbesc(Config::get('config', 'admin_nickname')));
|
||||
$sql_extra = sprintf(" AND `nickname` = '%s' ", DBA::escape(Config::get('config', 'admin_nickname')));
|
||||
}
|
||||
if (!empty(Config::get('config', 'admin_email'))) {
|
||||
$adminlist = explode(",", str_replace(" ", "", Config::get('config', 'admin_email')));
|
||||
|
||||
$r = q("SELECT `username`, `nickname` FROM `user` WHERE `email` = '%s' $sql_extra", dbesc($adminlist[0]));
|
||||
$r = q("SELECT `username`, `nickname` FROM `user` WHERE `email` = '%s' $sql_extra", DBA::escape($adminlist[0]));
|
||||
$admin = [
|
||||
'name' => $r[0]['username'],
|
||||
'profile'=> System::baseUrl() . '/profile/' . $r[0]['nickname'],
|
||||
|
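Review bot: `$r[0]['username']` and `$r[0]['nickname']` are read directly after the query without a `DBA::isResult($r)` check, so when no user matches the configured admin email (or the `admin_nickname` filter) this emits notices and builds an admin entry with empty fields. A guard such as `if (DBA::isResult($r)) {` around the `$admin = [...]` block, or an explicit fallback, would make the no-match case deliberate. This is pre-existing and not introduced by the rename; friendica_init continues outside the hunk.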
|
|
@ -48,21 +48,21 @@ function fsuggest_post(App $a)
|
|||
VALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')",
|
||||
intval(local_user()),
|
||||
intval($contact_id),
|
||||
dbesc($r[0]['name']),
|
||||
dbesc($r[0]['url']),
|
||||
dbesc($r[0]['request']),
|
||||
dbesc($r[0]['photo']),
|
||||
dbesc($hash),
|
||||
dbesc(DateTimeFormat::utcNow())
|
||||
DBA::escape($r[0]['name']),
|
||||
DBA::escape($r[0]['url']),
|
||||
DBA::escape($r[0]['request']),
|
||||
DBA::escape($r[0]['photo']),
|
||||
DBA::escape($hash),
|
||||
DBA::escape(DateTimeFormat::utcNow())
|
||||
);
|
||||
$r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($hash),
|
||||
DBA::escape($hash),
|
||||
intval(local_user())
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$fsuggest_id = $r[0]['id'];
|
||||
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d",
|
||||
dbesc($note),
|
||||
DBA::escape($note),
|
||||
intval($fsuggest_id),
|
||||
intval(local_user())
|
||||
);
|
||||
|
|
|
@ -61,7 +61,7 @@ function group_post(App $a) {
|
|||
$groupname = notags(trim($_POST['groupname']));
|
||||
if ((strlen($groupname)) && ($groupname != $group['name'])) {
|
||||
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d",
|
||||
dbesc($groupname),
|
||||
DBA::escape($groupname),
|
||||
intval(local_user()),
|
||||
intval($group['id'])
|
||||
);
|
||||
|
|
|
@ -61,8 +61,8 @@ function invite_post(App $a)
|
|||
$nmessage = str_replace('$invite_code', $code, $message);
|
||||
|
||||
$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
|
||||
dbesc($code),
|
||||
dbesc(DateTimeFormat::utcNow())
|
||||
DBA::escape($code),
|
||||
DBA::escape(DateTimeFormat::utcNow())
|
||||
);
|
||||
|
||||
if (! is_site_admin()) {
|
||||
|
|
|
@ -24,7 +24,7 @@ function lockview_content(App $a) {
|
|||
killme();
|
||||
|
||||
$r = q("SELECT * FROM `%s` WHERE `id` = %d LIMIT 1",
|
||||
dbesc($type),
|
||||
DBA::escape($type),
|
||||
intval($item_id)
|
||||
);
|
||||
if (! DBA::isResult($r)) {
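Review bot: `DBA::escape($type)` at the `FROM \`%s\`` placeholder escapes for a quoted string literal, but the value lands in a backtick-quoted table identifier, so the escaping does not constrain which table the query reads. `$type` is assigned outside this hunk, so whether it is already restricted cannot be seen here; the robust form is to compare it against the fixed set of tables this view is meant to serve before the query, e.g. `if (!in_array($type, [/* expected table names */], true)) { killme(); }`, keeping the escape only as defence in depth. lockview_content begins and ends outside the hunk.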
|
||||
|
@ -57,7 +57,7 @@ function lockview_content(App $a) {
|
|||
|
||||
if(count($allowed_groups)) {
|
||||
$r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
|
||||
dbesc(implode(', ', $allowed_groups))
|
||||
DBA::escape(implode(', ', $allowed_groups))
|
||||
);
|
||||
if (DBA::isResult($r))
|
||||
foreach($r as $rr)
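Review bot: `DBA::escape(implode(', ', $allowed_groups))` feeds an unquoted `IN ( %s )` list, and string escaping only neutralises quote characters inside a quoted literal, so it does not make an unquoted list safe. Since group ids are integers, `implode(', ', array_map('intval', $allowed_groups))` gives the guarantee the escape cannot and makes the escape call unnecessary. The same pattern appears in the next three hunks of this file (`$allowed_users`, `$deny_groups`, `$deny_users`). Where `$allowed_groups` is populated is outside the hunk, so whether it is already integer-only cannot be confirmed here.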
|
||||
|
@ -65,7 +65,7 @@ function lockview_content(App $a) {
|
|||
}
|
||||
if(count($allowed_users)) {
|
||||
$r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
|
||||
dbesc(implode(', ',$allowed_users))
|
||||
DBA::escape(implode(', ',$allowed_users))
|
||||
);
|
||||
if (DBA::isResult($r))
|
||||
foreach($r as $rr)
|
||||
|
@ -75,7 +75,7 @@ function lockview_content(App $a) {
|
|||
|
||||
if(count($deny_groups)) {
|
||||
$r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
|
||||
dbesc(implode(', ', $deny_groups))
|
||||
DBA::escape(implode(', ', $deny_groups))
|
||||
);
|
||||
if (DBA::isResult($r))
|
||||
foreach($r as $rr)
|
||||
|
@ -83,7 +83,7 @@ function lockview_content(App $a) {
|
|||
}
|
||||
if(count($deny_users)) {
|
||||
$r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
|
||||
dbesc(implode(', ',$deny_users))
|
||||
DBA::escape(implode(', ',$deny_users))
|
||||
);
|
||||
if (DBA::isResult($r))
|
||||
foreach($r as $rr)
|
||||
|
|
|
@ -60,14 +60,14 @@ function manage_post(App $a) {
|
|||
// Check if the target user is one of our children
|
||||
$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
|
||||
intval($identity),
|
||||
dbesc($orig_record['uid'])
|
||||
DBA::escape($orig_record['uid'])
|
||||
);
|
||||
|
||||
// Check if the target user is one of our siblings
|
||||
if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
|
||||
$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
|
||||
intval($identity),
|
||||
dbesc($orig_record['parent-uid'])
|
||||
DBA::escape($orig_record['parent-uid'])
|
||||
);
|
||||
}
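Review bot: `DBA::escape($orig_record['uid'])` is passed to a `%d` placeholder, which the `intval($identity)` argument just above it fills the idiomatic way; string-escaping a value that `sprintf` then casts to int is harmless but misleading, and `intval($orig_record['uid'])` would state the intent. The sibling lookup on `parent-uid` in the same hunk and the `\`uid\` = '%s'` query in the manage_content hunk below have the same mismatch. manage_post begins outside the hunk.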
|
||||
|
||||
|
@ -143,7 +143,7 @@ function manage_content(App $a) {
|
|||
//getting additinal information for each identity
|
||||
foreach ($identities as $key=>$id) {
|
||||
$thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
|
||||
dbesc($id['uid'])
|
||||
DBA::escape($id['uid'])
|
||||
);
|
||||
|
||||
$identities[$key]['thumb'] = $thumb[0]['thumb'];
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
/**
|
||||
* @file mod/match.php
|
||||
*/
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\Content\Widget;
|
||||
use Friendica\Core\Config;
|
||||
|
@ -9,7 +10,6 @@ use Friendica\Core\L10n;
|
|||
use Friendica\Core\System;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Profile;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
require_once 'include/text.php';
|
||||
|
@ -79,7 +79,7 @@ function match_content(App $a)
|
|||
$match = q(
|
||||
"SELECT `nurl` FROM `contact` WHERE `uid` = '%d' AND nurl='%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($match_nurl)
|
||||
DBA::escape($match_nurl)
|
||||
);
|
||||
|
||||
if (!count($match)) {
|
||||
|
|
|
@ -217,14 +217,14 @@ function message_content(App $a)
|
|||
if (!DBA::isResult($r)) {
|
||||
$r = q("SELECT `name`, `url`, `id` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc(normalise_link(base64_decode($a->argv[2])))
|
||||
DBA::escape(normalise_link(base64_decode($a->argv[2])))
|
||||
);
|
||||
}
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
$r = q("SELECT `name`, `url`, `id` FROM `contact` WHERE `uid` = %d AND `addr` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc(base64_decode($a->argv[2]))
|
||||
DBA::escape(base64_decode($a->argv[2]))
|
||||
);
|
||||
}
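Review bot: `base64_decode($a->argv[2])` is called without the strict flag at both escaped lookups in this hunk, so malformed input is decoded leniently instead of being rejected. `base64_decode($a->argv[2], true)` returns false for invalid input and lets the surrounding `!DBA::isResult($r)` flow treat it as a miss; the escape call itself covers the quoted literal correctly. message_content begins outside the hunk.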
|
||||
|
||||
|
@ -311,10 +311,10 @@ function message_content(App $a)
|
|||
$contact_id = $r[0]['contact-id'];
|
||||
$convid = $r[0]['convid'];
|
||||
|
||||
$sql_extra = sprintf(" and `mail`.`parent-uri` = '%s' ", dbesc($r[0]['parent-uri']));
|
||||
$sql_extra = sprintf(" and `mail`.`parent-uri` = '%s' ", DBA::escape($r[0]['parent-uri']));
|
||||
if ($convid)
|
||||
$sql_extra = sprintf(" and ( `mail`.`parent-uri` = '%s' OR `mail`.`convid` = '%d' ) ",
|
||||
dbesc($r[0]['parent-uri']),
|
||||
DBA::escape($r[0]['parent-uri']),
|
||||
intval($convid)
|
||||
);
|
||||
|
||||
|
@ -332,7 +332,7 @@ function message_content(App $a)
|
|||
}
|
||||
|
||||
$r = q("UPDATE `mail` SET `seen` = 1 WHERE `parent-uri` = '%s' AND `uid` = %d",
|
||||
dbesc($r[0]['parent-uri']),
|
||||
DBA::escape($r[0]['parent-uri']),
|
||||
intval(local_user())
|
||||
);
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ function modexp_init(App $a) {
|
|||
|
||||
$nick = $a->argv[1];
|
||||
$r = q("SELECT `spubkey` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
|
||||
if (! DBA::isResult($r)) {
|
||||
|
|
|
@ -15,7 +15,7 @@ function msearch_post(App $a) {
|
|||
killme();
|
||||
|
||||
$r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `user`.`hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') ",
|
||||
dbesc($search)
|
||||
DBA::escape($search)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r))
|
||||
|
@ -24,7 +24,7 @@ function msearch_post(App $a) {
|
|||
$results = [];
|
||||
|
||||
$r = q("SELECT `pub_keywords`, `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `user`.`hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') LIMIT %d , %d ",
|
||||
dbesc($search),
|
||||
DBA::escape($search),
|
||||
intval($startrec),
|
||||
intval($perpage)
|
||||
);
|
||||
|
|
|
@ -604,8 +604,8 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
$sql_post_table = " INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`";
|
||||
}
|
||||
|
||||
$sql_nets = (($nets) ? sprintf(" AND $sql_table.`network` = '%s' ", dbesc($nets)) : '');
|
||||
$sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", dbesc($nets)) : '');
|
||||
$sql_nets = (($nets) ? sprintf(" AND $sql_table.`network` = '%s' ", DBA::escape($nets)) : '');
|
||||
$sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", DBA::escape($nets)) : '');
|
||||
|
||||
if ($gid) {
|
||||
$group = DBA::selectFirst('group', ['name'], ['id' => $gid, 'uid' => local_user()]);
|
||||
|
@ -680,11 +680,11 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
|
||||
if ($datequery) {
|
||||
$sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created <= '%s' ",
|
||||
dbesc(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
|
||||
DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
|
||||
}
|
||||
if ($datequery2) {
|
||||
$sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created >= '%s' ",
|
||||
dbesc(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
|
||||
DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
|
||||
}
|
||||
|
||||
if ($conv) {
|
||||
|
@ -703,7 +703,7 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
$sql_order = "$sql_table.$ordering";
|
||||
|
||||
if (x($_GET, 'offset')) {
|
||||
$sql_range = sprintf(" AND $sql_order <= '%s'", dbesc($_GET['offset']));
|
||||
$sql_range = sprintf(" AND $sql_order <= '%s'", DBA::escape($_GET['offset']));
|
||||
} else {
|
||||
$sql_range = '';
|
||||
}
|
||||
|
@ -716,7 +716,7 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
case 'received':
|
||||
if ($last_received != '') {
|
||||
$last_date = $last_received;
|
||||
$sql_range .= sprintf(" AND $sql_table.`received` < '%s'", dbesc($last_received));
|
||||
$sql_range .= sprintf(" AND $sql_table.`received` < '%s'", DBA::escape($last_received));
|
||||
$a->set_pager_page(1);
|
||||
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
|
||||
}
|
||||
|
@ -724,7 +724,7 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
case 'commented':
|
||||
if ($last_commented != '') {
|
||||
$last_date = $last_commented;
|
||||
$sql_range .= sprintf(" AND $sql_table.`commented` < '%s'", dbesc($last_commented));
|
||||
$sql_range .= sprintf(" AND $sql_table.`commented` < '%s'", DBA::escape($last_commented));
|
||||
$a->set_pager_page(1);
|
||||
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
|
||||
}
|
||||
|
@ -732,14 +732,14 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
case 'created':
|
||||
if ($last_created != '') {
|
||||
$last_date = $last_created;
|
||||
$sql_range .= sprintf(" AND $sql_table.`created` < '%s'", dbesc($last_created));
|
||||
$sql_range .= sprintf(" AND $sql_table.`created` < '%s'", DBA::escape($last_created));
|
||||
$a->set_pager_page(1);
|
||||
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
|
||||
}
|
||||
break;
|
||||
case 'id':
|
||||
if (($last_id > 0) && ($sql_table == '`thread`')) {
|
||||
$sql_range .= sprintf(" AND $sql_table.`iid` < '%s'", dbesc($last_id));
|
||||
$sql_range .= sprintf(" AND $sql_table.`iid` < '%s'", DBA::escape($last_id));
|
||||
$a->set_pager_page(1);
|
||||
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
|
||||
}
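Review bot: `DBA::escape($last_id)` quotes an integer into `$sql_table.\`iid\` < '%s'` although the guard `($last_id > 0)` on the line above already treats it as a number; `intval($last_id)` with a `%d` placeholder, as the pager arguments `intval($a->pager['start'])` on the next lines do, avoids a string comparison on an integer column and makes the type explicit. networkThreadedView begins and ends outside this hunk.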
|
||||
|
@ -902,7 +902,7 @@ function networkThreadedView(App $a, $update, $parent)
|
|||
$condition = ['unseen' => true, 'uid' => local_user()];
|
||||
networkSetSeen($condition);
|
||||
} elseif ($parents_str) {
|
||||
$condition = ["`uid` = ? AND `unseen` AND `parent` IN (" . dbesc($parents_str) . ")", local_user()];
|
||||
$condition = ["`uid` = ? AND `unseen` AND `parent` IN (" . DBA::escape($parents_str) . ")", local_user()];
|
||||
networkSetSeen($condition);
|
||||
}
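Review bot: `"\`uid\` = ? AND \`unseen\` AND \`parent\` IN (" . DBA::escape($parents_str) . ")"` inserts an unquoted id list into a condition that otherwise binds `local_user()` through a `?` placeholder; escaping only protects a quoted literal, so it adds nothing for an unquoted list. `$parents_str` is assembled outside the hunk; if it is an implode of parent ids, casting each id with `intval` at the point where it is built gives the guarantee the escape cannot. The same unquoted-`IN` pattern appears in the mod/lockview.php hunks earlier in this commit.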
|
||||
|
||||
|
|
|
@ -61,9 +61,9 @@ function noscrape_init(App $a)
|
|||
$r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 AND `hidden` = 0 AND `archive` = 0
|
||||
AND `network` IN ('%s', '%s', '%s', '')",
|
||||
intval($a->profile['uid']),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS)
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$json_info["contacts"] = intval($r[0]['total']);
|
||||
|
|
|
@ -41,7 +41,7 @@ function openid_content(App $a) {
|
|||
AND `blocked` = 0 AND `account_expired` = 0
|
||||
AND `account_removed` = 0 AND `verified` = 1
|
||||
LIMIT 1",
|
||||
dbesc($authid), dbesc(normalise_openid($authid))
|
||||
DBA::escape($authid), DBA::escape(normalise_openid($authid))
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
|
|
@ -107,7 +107,7 @@ function photo_init(App $a)
|
|||
|
||||
// check if the photo exists and get the owner of the photo
|
||||
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
|
||||
dbesc($photo),
|
||||
DBA::escape($photo),
|
||||
intval($resolution)
|
||||
);
|
||||
if (DBA::isResult($r)) {
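Review bot: The query `SELECT \`uid\` FROM \`photo\` WHERE \`resource-id\` = '%s' LIMIT 1` has a single placeholder but receives two arguments, `DBA::escape($photo)` and `intval($resolution)`; the surplus argument is silently ignored, which hides that this lookup does not filter by scale. Drop `intval($resolution)` here so the argument list matches the placeholders; the next hunk's query with `\`scale\` <= %d` is the one that needs it. photo_init begins outside the hunk.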
|
||||
|
@ -115,7 +115,7 @@ function photo_init(App $a)
|
|||
|
||||
// Now we'll see if we can access the photo
|
||||
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
|
||||
dbesc($photo),
|
||||
DBA::escape($photo),
|
||||
intval($resolution)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
|
|
|
@ -45,7 +45,7 @@ function photos_init(App $a) {
|
|||
if ($a->argc > 1) {
|
||||
$nick = $a->argv[1];
|
||||
$user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($user)) {
|
||||
|
@ -198,7 +198,7 @@ function photos_post(App $a)
|
|||
}
|
||||
|
||||
$r = q("SELECT `album` FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
|
||||
dbesc($album),
|
||||
DBA::escape($album),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
if (!DBA::isResult($r)) {
|
||||
|
@ -216,8 +216,8 @@ function photos_post(App $a)
|
|||
$newalbum = notags(trim($_POST['albumname']));
|
||||
if ($newalbum != $album) {
|
||||
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
|
||||
dbesc($newalbum),
|
||||
dbesc($album),
|
||||
DBA::escape($newalbum),
|
||||
DBA::escape($album),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
// Update the photo albums cache
|
||||
|
@ -262,17 +262,17 @@ function photos_post(App $a)
|
|||
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'",
|
||||
intval($visitor),
|
||||
intval($page_owner_uid),
|
||||
dbesc($album)
|
||||
DBA::escape($album)
|
||||
);
|
||||
} else {
|
||||
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
|
||||
intval(local_user()),
|
||||
dbesc($album)
|
||||
DBA::escape($album)
|
||||
);
|
||||
}
|
||||
if (DBA::isResult($r)) {
|
||||
foreach ($r as $rr) {
|
||||
$res[] = "'" . dbesc($rr['rid']) . "'" ;
|
||||
$res[] = "'" . DBA::escape($rr['rid']) . "'" ;
|
||||
}
|
||||
} else {
|
||||
goaway($_SESSION['photo_return']);
|
||||
|
@ -327,19 +327,19 @@ function photos_post(App $a)
|
|||
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
|
||||
intval($visitor),
|
||||
intval($page_owner_uid),
|
||||
dbesc($a->argv[2])
|
||||
DBA::escape($a->argv[2])
|
||||
);
|
||||
} else {
|
||||
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($a->argv[2])
|
||||
DBA::escape($a->argv[2])
|
||||
);
|
||||
}
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
|
||||
intval($page_owner_uid),
|
||||
dbesc($r[0]['resource-id'])
|
||||
DBA::escape($r[0]['resource-id'])
|
||||
);
|
||||
|
||||
Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid);
|
||||
|
@ -374,7 +374,7 @@ function photos_post(App $a)
|
|||
logger('rotate');
|
||||
|
||||
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0 LIMIT 1",
|
||||
dbesc($resource_id),
|
||||
DBA::escape($resource_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
|
@ -389,10 +389,10 @@ function photos_post(App $a)
|
|||
$height = $image->getHeight();
|
||||
|
||||
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0",
|
||||
dbesc($image->asString()),
|
||||
DBA::escape($image->asString()),
|
||||
intval($height),
|
||||
intval($width),
|
||||
dbesc($resource_id),
|
||||
DBA::escape($resource_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
|
@ -402,10 +402,10 @@ function photos_post(App $a)
|
|||
$height = $image->getHeight();
|
||||
|
||||
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 1",
|
||||
dbesc($image->asString()),
|
||||
DBA::escape($image->asString()),
|
||||
intval($height),
|
||||
intval($width),
|
||||
dbesc($resource_id),
|
||||
DBA::escape($resource_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
}
|
||||
|
@ -416,10 +416,10 @@ function photos_post(App $a)
|
|||
$height = $image->getHeight();
|
||||
|
||||
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 2",
|
||||
dbesc($image->asString()),
|
||||
DBA::escape($image->asString()),
|
||||
intval($height),
|
||||
intval($width),
|
||||
dbesc($resource_id),
|
||||
DBA::escape($resource_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
}
|
||||
|
@ -428,19 +428,19 @@ function photos_post(App $a)
|
|||
}
|
||||
|
||||
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
|
||||
dbesc($resource_id),
|
||||
DBA::escape($resource_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
if (DBA::isResult($p)) {
|
||||
$ext = $phototypes[$p[0]['type']];
|
||||
$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
|
||||
dbesc($desc),
|
||||
dbesc($albname),
|
||||
dbesc($str_contact_allow),
|
||||
dbesc($str_group_allow),
|
||||
dbesc($str_contact_deny),
|
||||
dbesc($str_group_deny),
|
||||
dbesc($resource_id),
|
||||
DBA::escape($desc),
|
||||
DBA::escape($albname),
|
||||
DBA::escape($str_contact_allow),
|
||||
DBA::escape($str_group_allow),
|
||||
DBA::escape($str_contact_deny),
|
||||
DBA::escape($str_group_deny),
|
||||
DBA::escape($resource_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
|
@ -554,15 +554,15 @@ function photos_post(App $a)
|
|||
|
||||
//select someone from this user's contacts by name
|
||||
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($newname),
|
||||
DBA::escape($newname),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
//select someone by attag or nick and the name passed in
|
||||
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
|
||||
dbesc($name),
|
||||
dbesc($name),
|
||||
DBA::escape($name),
|
||||
DBA::escape($name),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
}
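Review bot: `WHERE \`attag\` = '%s' OR \`nick\` = '%s' AND \`uid\` = %d` parses as `attag = ? OR (nick = ? AND uid = ?)` because AND binds tighter than OR, so an `attag` match is not restricted to `$page_owner_uid` and can select another user's contact. Parenthesise the alternation: `WHERE (\`attag\` = '%s' OR \`nick\` = '%s') AND \`uid\` = %d ORDER BY \`attag\` DESC LIMIT 1`. The commit only renames the escape call, but the new line carries the precedence defect forward; photos_post continues outside the hunk.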
|
||||
|
@ -707,7 +707,7 @@ function photos_post(App $a)
|
|||
*/
|
||||
|
||||
$r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR ",
|
||||
dbesc($album),
|
||||
DBA::escape($album),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
|
@ -1111,7 +1111,7 @@ function photos_content(App $a)
|
|||
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
|
||||
AND `scale` <= 4 $sql_extra GROUP BY `resource-id`",
|
||||
intval($owner_uid),
|
||||
dbesc($album)
|
||||
DBA::escape($album)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$a->set_pager_total(count($r));
|
||||
|
@ -1132,7 +1132,7 @@ function photos_content(App $a)
|
|||
FROM `photo` WHERE `uid` = %d AND `album` = '%s'
|
||||
AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT %d , %d",
|
||||
intval($owner_uid),
|
||||
dbesc($album),
|
||||
DBA::escape($album),
|
||||
intval($a->pager['start']),
|
||||
intval($a->pager['itemspage'])
|
||||
);
|
||||
|
@ -1216,14 +1216,14 @@ function photos_content(App $a)
|
|||
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
|
||||
$sql_extra ORDER BY `scale` ASC ",
|
||||
intval($owner_uid),
|
||||
dbesc($datum)
|
||||
DBA::escape($datum)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($ph)) {
|
||||
$ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
|
||||
LIMIT 1",
|
||||
intval($owner_uid),
|
||||
dbesc($datum)
|
||||
DBA::escape($datum)
|
||||
);
|
||||
if (DBA::isResult($ph)) {
|
||||
notice(L10n::t('Permission denied. Access to this item may be restricted.'));
|
||||
|
@ -1252,7 +1252,7 @@ function photos_content(App $a)
|
|||
|
||||
$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
|
||||
$sql_extra ORDER BY `created` $order ",
|
||||
dbesc($ph[0]['album']),
|
||||
DBA::escape($ph[0]['album']),
|
||||
intval($owner_uid)
|
||||
);
|
||||
|
||||
|
@ -1347,7 +1347,7 @@ function photos_content(App $a)
|
|||
|
||||
/// @todo Rewrite this query. To do so, $sql_extra must be changed
|
||||
$linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
|
||||
dbesc($datum)
|
||||
DBA::escape($datum)
|
||||
);
|
||||
|
||||
$map = null;
|
||||
|
@ -1615,8 +1615,8 @@ function photos_content(App $a)
|
|||
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
|
||||
$sql_extra GROUP BY `resource-id`",
|
||||
intval($a->data['user']['uid']),
|
||||
dbesc('Contact Photos'),
|
||||
dbesc(L10n::t('Contact Photos'))
|
||||
DBA::escape('Contact Photos'),
|
||||
DBA::escape(L10n::t('Contact Photos'))
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -1630,8 +1630,8 @@ function photos_content(App $a)
|
|||
WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
|
||||
$sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
|
||||
intval($a->data['user']['uid']),
|
||||
dbesc('Contact Photos'),
|
||||
dbesc(L10n::t('Contact Photos')),
|
||||
DBA::escape('Contact Photos'),
|
||||
DBA::escape(L10n::t('Contact Photos')),
|
||||
intval($a->pager['start']),
|
||||
intval($a->pager['itemspage'])
|
||||
);
|
||||
|
|
10
mod/ping.php
|
@ -197,7 +197,7 @@ function ping_init(App $a)
|
|||
"SELECT `id`, `from-name`, `from-url`, `from-photo`, `created` FROM `mail`
|
||||
WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ",
|
||||
intval(local_user()),
|
||||
dbesc($myurl)
|
||||
DBA::escape($myurl)
|
||||
);
|
||||
$mail_count = count($mails);
|
||||
|
||||
|
@ -221,8 +221,8 @@ function ping_init(App $a)
|
|||
WHERE `event`.`uid` = %d AND `start` < '%s' AND `finish` > '%s' and `ignore` = 0
|
||||
ORDER BY `start` ASC ",
|
||||
intval(local_user()),
|
||||
dbesc(DateTimeFormat::utc('now + 7 days')),
|
||||
dbesc(DateTimeFormat::utcNow())
|
||||
DBA::escape(DateTimeFormat::utc('now + 7 days')),
|
||||
DBA::escape(DateTimeFormat::utcNow())
|
||||
);
|
||||
if (DBA::isResult($ev)) {
|
||||
Cache::set($cachekey, $ev, CACHE_HOUR);
|
||||
|
@ -481,8 +481,8 @@ function ping_get_notifications($uid)
|
|||
|
||||
q(
|
||||
"UPDATE `notify` SET `name_cache` = '%s', `msg_cache` = '%s' WHERE `id` = %d",
|
||||
dbesc($notification["name"]),
|
||||
dbesc($notification["message"]),
|
||||
DBA::escape($notification["name"]),
|
||||
DBA::escape($notification["message"]),
|
||||
intval($notification["id"])
|
||||
);
|
||||
}
|
||||
|
|
34
mod/poco.php
|
@ -65,7 +65,7 @@ function poco_init(App $a) {
|
|||
if (! $system_mode && ! $global) {
|
||||
$users = q("SELECT `user`.*,`profile`.`hide-friends` from user left join profile on `user`.`uid` = `profile`.`uid`
|
||||
where `user`.`nickname` = '%s' and `profile`.`is-default` = 1 limit 1",
|
||||
dbesc($user)
|
||||
DBA::escape($user)
|
||||
);
|
||||
if (! DBA::isResult($users) || $users[0]['hidewall'] || $users[0]['hide-friends']) {
|
||||
System::httpExit(404);
|
||||
|
@ -88,10 +88,10 @@ function poco_init(App $a) {
|
|||
}
|
||||
if ($global) {
|
||||
$contacts = q("SELECT count(*) AS `total` FROM `gcontact` WHERE `updated` >= '%s' AND `updated` >= `last_failure` AND NOT `hide` AND `network` IN ('%s', '%s', '%s')",
|
||||
dbesc($update_limit),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS)
|
||||
DBA::escape($update_limit),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS)
|
||||
);
|
||||
} elseif ($system_mode) {
|
||||
$contacts = q("SELECT count(*) AS `total` FROM `contact` WHERE `self` = 1
|
||||
|
@ -101,10 +101,10 @@ function poco_init(App $a) {
|
|||
AND (`success_update` >= `failure_update` OR `last-item` >= `failure_update`)
|
||||
AND `network` IN ('%s', '%s', '%s', '%s') $sql_extra",
|
||||
intval($user['uid']),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
dbesc(NETWORK_STATUSNET)
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_STATUSNET)
|
||||
);
|
||||
}
|
||||
if (DBA::isResult($contacts)) {
|
||||
|
@ -123,10 +123,10 @@ function poco_init(App $a) {
|
|||
logger("Start global query", LOGGER_DEBUG);
|
||||
$contacts = q("SELECT * FROM `gcontact` WHERE `updated` > '%s' AND NOT `hide` AND `network` IN ('%s', '%s', '%s') AND `updated` > `last_failure`
|
||||
ORDER BY `updated` DESC LIMIT %d, %d",
|
||||
dbesc($update_limit),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
DBA::escape($update_limit),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
intval($startIndex),
|
||||
intval($itemsPerPage)
|
||||
);
|
||||
|
@ -148,10 +148,10 @@ function poco_init(App $a) {
|
|||
AND (`success_update` >= `failure_update` OR `last-item` >= `failure_update`)
|
||||
AND `network` IN ('%s', '%s', '%s', '%s') $sql_extra LIMIT %d, %d",
|
||||
intval($user['uid']),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
dbesc(NETWORK_STATUSNET),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_STATUSNET),
|
||||
intval($startIndex),
|
||||
intval($itemsPerPage)
|
||||
);
|
||||
|
|
|
@ -257,19 +257,19 @@ function profile_content(App $a, $update = 0)
|
|||
|
||||
if (x($category)) {
|
||||
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
|
||||
dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
|
||||
DBA::escape(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
|
||||
}
|
||||
|
||||
if (x($hashtags)) {
|
||||
$sql_post_table .= sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
|
||||
dbesc(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
|
||||
DBA::escape(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
|
||||
}
|
||||
|
||||
if ($datequery) {
|
||||
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", dbesc(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
|
||||
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
|
||||
}
|
||||
if ($datequery2) {
|
||||
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", dbesc(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
|
||||
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
|
||||
}
|
||||
|
||||
// Belongs the profile page to a forum?
|
||||
|
|
|
@ -69,8 +69,8 @@ function profile_photo_post(App $a)
|
|||
$srcW = $_POST['xfinal'] - $srcX;
|
||||
$srcH = $_POST['yfinal'] - $srcY;
|
||||
|
||||
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id),
|
||||
dbesc(local_user()), intval($scale));
|
||||
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", DBA::escape($image_id),
|
||||
DBA::escape(local_user()), intval($scale));
|
||||
|
||||
$url = System::baseUrl() . '/profile/' . $a->user['nickname'];
|
||||
if (DBA::isResult($r)) {
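Review bot: `DBA::escape(local_user())` fills the `\`uid\` = %d` placeholder; the integer conversion should be explicit, `intval(local_user())`, as it is in the profile_photo_content hunks below. String-escaping an id that `sprintf` casts to int is not wrong, but it reads as if the value were a string and breaks the pattern the rest of the commit follows. profile_photo_post begins outside the hunk.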
|
||||
|
@ -109,12 +109,12 @@ function profile_photo_post(App $a)
|
|||
|
||||
if ($is_default_profile) {
|
||||
$r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d",
|
||||
dbesc($base_image['resource-id']), intval(local_user())
|
||||
DBA::escape($base_image['resource-id']), intval(local_user())
|
||||
);
|
||||
} else {
|
||||
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
|
||||
dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $Image->getExt()),
|
||||
dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $Image->getExt()),
|
||||
DBA::escape(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $Image->getExt()),
|
||||
DBA::escape(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $Image->getExt()),
|
||||
intval($_REQUEST['profile']), intval(local_user())
|
||||
);
|
||||
}
|
||||
|
@ -191,7 +191,7 @@ function profile_photo_content(App $a)
|
|||
$resource_id = $a->argv[2];
|
||||
//die(":".local_user());
|
||||
$r = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", intval(local_user()),
|
||||
dbesc($resource_id)
|
||||
DBA::escape($resource_id)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
@ -212,7 +212,7 @@ function profile_photo_content(App $a)
|
|||
$r = q("UPDATE `photo` SET `profile`=0 WHERE `profile`=1 AND `uid`=%d", intval(local_user()));
|
||||
|
||||
$r = q("UPDATE `photo` SET `profile`=1 WHERE `uid` = %d AND `resource-id` = '%s'", intval(local_user()),
|
||||
dbesc($resource_id)
|
||||
DBA::escape($resource_id)
|
||||
);
|
||||
|
||||
Contact::updateSelfFromUserID(local_user(), true);
|
||||
|
|
|
@ -78,15 +78,15 @@ function profiles_init(App $a) {
|
|||
$r2 = q("INSERT INTO `profile` (`uid` , `profile-name` , `name`, `photo`, `thumb`)
|
||||
VALUES ( %d, '%s', '%s', '%s', '%s' )",
|
||||
intval(local_user()),
|
||||
dbesc($name),
|
||||
dbesc($r1[0]['name']),
|
||||
dbesc($r1[0]['photo']),
|
||||
dbesc($r1[0]['thumb'])
|
||||
DBA::escape($name),
|
||||
DBA::escape($r1[0]['name']),
|
||||
DBA::escape($r1[0]['photo']),
|
||||
DBA::escape($r1[0]['thumb'])
|
||||
);
|
||||
|
||||
$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($name)
|
||||
DBA::escape($name)
|
||||
);
|
||||
|
||||
info(L10n::t('New profile created.') . EOL);
|
||||
|
@ -120,13 +120,13 @@ function profiles_init(App $a) {
|
|||
$r1[0]['is-default'] = 0;
|
||||
$r1[0]['publish'] = 0;
|
||||
$r1[0]['net-publish'] = 0;
|
||||
$r1[0]['profile-name'] = dbesc($name);
|
||||
$r1[0]['profile-name'] = DBA::escape($name);
|
||||
|
||||
DBA::insert('profile', $r1[0]);
|
||||
|
||||
$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($name)
|
||||
DBA::escape($name)
|
||||
);
|
||||
info(L10n::t('New profile created.') . EOL);
|
||||
if ((DBA::isResult($r3)) && (count($r3) == 1)) {
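Review bot: `$r1[0]['profile-name'] = DBA::escape($name);` escapes a value that is then handed to `DBA::insert('profile', $r1[0])`, which quotes its field values itself, so any quote or backslash in `$name` is stored with an extra escape; the `SELECT ... WHERE \`profile-name\` = '%s'` below, which escapes `$name` once for the quoted literal, would then not find the row. Assign the raw value, `$r1[0]['profile-name'] = $name;`, and let the insert do the quoting. That DBA::insert binds rather than interpolates is not visible in this hunk, so confirm it against the DBA class before changing the line.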
|
||||
|
@ -283,12 +283,12 @@ function profiles_post(App $a) {
|
|||
$newname = $lookup;
|
||||
|
||||
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($newname),
|
||||
DBA::escape($newname),
|
||||
intval(local_user())
|
||||
);
|
||||
if (! DBA::isResult($r)) {
|
||||
$r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($lookup),
|
||||
DBA::escape($lookup),
|
||||
intval(local_user())
|
||||
);
|
||||
}
|
||||
|
@ -440,39 +440,39 @@ function profiles_post(App $a) {
|
|||
`education` = '%s',
|
||||
`hide-friends` = %d
|
||||
WHERE `id` = %d AND `uid` = %d",
|
||||
dbesc($profile_name),
|
||||
dbesc($name),
|
||||
dbesc($pdesc),
|
||||
dbesc($gender),
|
||||
dbesc($dob),
|
||||
dbesc($address),
|
||||
dbesc($locality),
|
||||
dbesc($region),
|
||||
dbesc($postal_code),
|
||||
dbesc($country_name),
|
||||
dbesc($marital),
|
||||
dbesc($with),
|
||||
dbesc($howlong),
|
||||
dbesc($sexual),
|
||||
dbesc($xmpp),
|
||||
dbesc($homepage),
|
||||
dbesc($hometown),
|
||||
dbesc($politic),
|
||||
dbesc($religion),
|
||||
dbesc($pub_keywords),
|
||||
dbesc($prv_keywords),
|
||||
dbesc($likes),
|
||||
dbesc($dislikes),
|
||||
dbesc($about),
|
||||
dbesc($interest),
|
||||
dbesc($contact),
|
||||
dbesc($music),
|
||||
dbesc($book),
|
||||
dbesc($tv),
|
||||
dbesc($film),
|
||||
dbesc($romance),
|
||||
dbesc($work),
|
||||
dbesc($education),
|
||||
DBA::escape($profile_name),
|
||||
DBA::escape($name),
|
||||
DBA::escape($pdesc),
|
||||
DBA::escape($gender),
|
||||
DBA::escape($dob),
|
||||
DBA::escape($address),
|
||||
DBA::escape($locality),
|
||||
DBA::escape($region),
|
||||
DBA::escape($postal_code),
|
||||
DBA::escape($country_name),
|
||||
DBA::escape($marital),
|
||||
DBA::escape($with),
|
||||
DBA::escape($howlong),
|
||||
DBA::escape($sexual),
|
||||
DBA::escape($xmpp),
|
||||
DBA::escape($homepage),
|
||||
DBA::escape($hometown),
|
||||
DBA::escape($politic),
|
||||
DBA::escape($religion),
|
||||
DBA::escape($pub_keywords),
|
||||
DBA::escape($prv_keywords),
|
||||
DBA::escape($likes),
|
||||
DBA::escape($dislikes),
|
||||
DBA::escape($about),
|
||||
DBA::escape($interest),
|
||||
DBA::escape($contact),
|
||||
DBA::escape($music),
|
||||
DBA::escape($book),
|
||||
DBA::escape($tv),
|
||||
DBA::escape($film),
|
||||
DBA::escape($romance),
|
||||
DBA::escape($work),
|
||||
DBA::escape($education),
|
||||
intval($hide_friends),
|
||||
intval($a->argv[1]),
|
||||
intval(local_user())
|
||||
|
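Review bot: Thirty-five positional `DBA::escape(...)`/`intval(...)` arguments have to stay aligned by position with the `%s`/`%d` placeholders of the `UPDATE profile` statement that begins above this hunk; one dropped or reordered argument silently writes a value into the wrong column with no SQL error. Since the commit is already moving to the DBA layer, an associative array (`'profile-name' => $profile_name, 'name' => $name, …`) plus the condition `['id' => intval($a->argv[1]), 'uid' => local_user()]` handed to the layer's update counterpart of the `DBA::insert` used elsewhere in this commit, if one is available, keeps each field next to its value and removes the manual escaping entirely. The statement start and the result handling are outside the hunk.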
@ -486,7 +486,7 @@ function profiles_post(App $a) {
|
|||
if ($is_default) {
|
||||
if ($namechanged) {
|
||||
$r = q("UPDATE `user` set `username` = '%s' where `uid` = %d",
|
||||
dbesc($name),
|
||||
DBA::escape($name),
|
||||
intval(local_user())
|
||||
);
|
||||
}
|
||||
|
|
|
@ -47,7 +47,7 @@ function profperm_content(App $a) {
|
|||
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
|
||||
$r = q("SELECT `id` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `self` = 0
|
||||
AND `network` = '%s' AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
dbesc(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
intval($a->argv[2]),
|
||||
intval(local_user())
|
||||
);
|
||||
|
@ -144,7 +144,7 @@ function profperm_content(App $a) {
|
|||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 and `pending` = 0 and `self` = 0
|
||||
AND `network` = '%s' ORDER BY `name` ASC",
|
||||
intval(local_user()),
|
||||
dbesc(NETWORK_DFRN)
|
||||
DBA::escape(NETWORK_DFRN)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
|
|
@ -85,7 +85,7 @@ function register_post(App $a)
|
|||
|
||||
if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
|
||||
if ($using_invites && $invite_id) {
|
||||
q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
|
||||
q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id));
|
||||
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
|
||||
}
|
||||
|
||||
|
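Review bot: `q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id));` is not valid MySQL/MariaDB syntax — `DELETE` takes no column list — so unless the `q()` layer rewrites the statement it fails, the invite row is never consumed, and the invite code stays reusable while `PConfig::set(…, 'invites_remaining', $num_invites)` on the next line still decrements the counter. `user_allow()` further down uses the correct form `DELETE FROM register WHERE hash = '%s'`. Change this to `q("DELETE FROM register WHERE hash = '%s' LIMIT 1", DBA::escape($invite_id));` and only update the invite counter when the delete actually affected a row. The surrounding register_post logic is outside the hunk.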
@ -117,22 +117,22 @@ function register_post(App $a)
|
|||
|
||||
$hash = random_string();
|
||||
$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
|
||||
dbesc($hash),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
DBA::escape($hash),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
intval($user['uid']),
|
||||
dbesc($result['password']),
|
||||
dbesc(Config::get('system', 'language')),
|
||||
dbesc($_POST['permonlybox'])
|
||||
DBA::escape($result['password']),
|
||||
DBA::escape(Config::get('system', 'language')),
|
||||
DBA::escape($_POST['permonlybox'])
|
||||
);
|
||||
|
||||
// invite system
|
||||
if ($using_invites && $invite_id) {
|
||||
q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", dbesc($invite_id));
|
||||
q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", DBA::escape($invite_id));
|
||||
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
|
||||
}
|
||||
|
||||
// send email to admins
|
||||
$admin_mail_list = "'" . implode("','", array_map("dbesc", explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))))) . "'";
|
||||
$admin_mail_list = "'" . implode("','", array_map(['Friendica\Database\DBA', 'escape'], explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))))) . "'";
|
||||
$adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)",
|
||||
$admin_mail_list
|
||||
);
|
||||
|
|
|
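Review bot: `q("DELETE * FROM register WHERE hash = '%s' LIMIT 1", DBA::escape($invite_id));` repeats an invalid `DELETE *` form — MySQL's DELETE has no column list — so the approval-pending path also fails to consume the invite while `invites_remaining` is still decremented; `user_allow()` below shows the correct `DELETE FROM register WHERE hash = '%s'`. Drop the `*` and check the result before touching the counter. Separately, `array_map(['Friendica\Database\DBA', 'escape'], …)` can be written `array_map([DBA::class, 'escape'], …)` given the `use Friendica\Database\DBA` import this commit introduces, and `$_POST['permonlybox']` is read without an isset/default guard. `$result['password']` is also persisted into `register.password`; if that is the cleartext password from account creation it sits in the database until approval, which is worth confirming and documenting.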
@ -19,7 +19,7 @@ function user_allow($hash)
|
|||
$a = get_app();
|
||||
|
||||
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
||||
dbesc($hash)
|
||||
DBA::escape($hash)
|
||||
);
|
||||
|
||||
|
||||
|
@ -36,7 +36,7 @@ function user_allow($hash)
|
|||
}
|
||||
|
||||
$r = q("DELETE FROM `register` WHERE `hash` = '%s'",
|
||||
dbesc($register[0]['hash'])
|
||||
DBA::escape($register[0]['hash'])
|
||||
);
|
||||
|
||||
|
||||
|
@ -77,7 +77,7 @@ function user_allow($hash)
|
|||
function user_deny($hash)
|
||||
{
|
||||
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
||||
dbesc($hash)
|
||||
DBA::escape($hash)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($register)) {
|
||||
|
|
|
@ -26,7 +26,7 @@ function repair_ostatus_content(App $a) {
|
|||
$r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE
|
||||
`uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)",
|
||||
intval($uid),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
intval(CONTACT_IS_FRIEND),
|
||||
intval(CONTACT_IS_SHARING));
|
||||
|
||||
|
@ -40,7 +40,7 @@ function repair_ostatus_content(App $a) {
|
|||
ORDER BY `url`
|
||||
LIMIT %d, 1",
|
||||
intval($uid),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
intval(CONTACT_IS_FRIEND),
|
||||
intval(CONTACT_IS_SHARING), $counter++);
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ function salmon_post(App $a, $xml = '') {
|
|||
$mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
|
||||
|
||||
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
if (! DBA::isResult($r)) {
|
||||
System::httpExit(500);
|
||||
|
@ -145,11 +145,11 @@ function salmon_post(App $a, $xml = '') {
|
|||
$r = q("SELECT * FROM `contact` WHERE `network` IN ('%s', '%s')
|
||||
AND (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s')
|
||||
AND `uid` = %d LIMIT 1",
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(normalise_link($author_link)),
|
||||
dbesc($author_link),
|
||||
dbesc(normalise_link($author_link)),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(normalise_link($author_link)),
|
||||
DBA::escape($author_link),
|
||||
DBA::escape(normalise_link($author_link)),
|
||||
intval($importer['uid'])
|
||||
);
|
||||
if (! DBA::isResult($r)) {
|
||||
|
@ -159,9 +159,9 @@ function salmon_post(App $a, $xml = '') {
|
|||
if($result['success']) {
|
||||
$r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND ( `url` = '%s' OR `alias` = '%s')
|
||||
AND `uid` = %d LIMIT 1",
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
dbesc($author_link),
|
||||
dbesc($author_link),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
DBA::escape($author_link),
|
||||
DBA::escape($author_link),
|
||||
intval($importer['uid'])
|
||||
);
|
||||
}
|
||||
|
|
|
@ -65,7 +65,7 @@ function search_init(App $a) {
|
|||
if (x($_GET,'save') && $search) {
|
||||
$r = q("SELECT * FROM `search` WHERE `uid` = %d AND `term` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($search)
|
||||
DBA::escape($search)
|
||||
);
|
||||
if (!DBA::isResult($r)) {
|
||||
DBA::insert('search', ['uid' => local_user(), 'term' => $search]);
|
||||
|
|
|
@ -175,23 +175,23 @@ function settings_post(App $a)
|
|||
icon='%s',
|
||||
uid=%d
|
||||
WHERE client_id='%s'",
|
||||
dbesc($key),
|
||||
dbesc($secret),
|
||||
dbesc($name),
|
||||
dbesc($redirect),
|
||||
dbesc($icon),
|
||||
DBA::escape($key),
|
||||
DBA::escape($secret),
|
||||
DBA::escape($name),
|
||||
DBA::escape($redirect),
|
||||
DBA::escape($icon),
|
||||
local_user(),
|
||||
dbesc($key)
|
||||
DBA::escape($key)
|
||||
);
|
||||
} else {
|
||||
q("INSERT INTO clients
|
||||
(client_id, pw, name, redirect_uri, icon, uid)
|
||||
VALUES ('%s', '%s', '%s', '%s', '%s',%d)",
|
||||
dbesc($key),
|
||||
dbesc($secret),
|
||||
dbesc($name),
|
||||
dbesc($redirect),
|
||||
dbesc($icon),
|
||||
DBA::escape($key),
|
||||
DBA::escape($secret),
|
||||
DBA::escape($name),
|
||||
DBA::escape($redirect),
|
||||
DBA::escape($icon),
|
||||
local_user()
|
||||
);
|
||||
}
|
||||
|
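Review bot: The `UPDATE clients … WHERE client_id='%s'` whose SET list starts above this hunk is constrained only by `client_id`, not by the owner, whereas the edit lookup in settings_content uses `WHERE client_id='%s' AND uid=%d`; if `$key` comes from the submitted form, a logged-in user who posts another user's client_id overwrites that user's `pw`, `redirect_uri` and even `uid`. Add the owner to the condition, `WHERE client_id='%s' AND uid=%d`, with `intval(local_user())` appended to the argument list, and wrap the two bare `local_user()` arguments in `intval()` for consistency with the rest of the file. Whether `$key` is user-controlled is decided above the hunk.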
@ -250,13 +250,13 @@ function settings_post(App $a)
|
|||
$r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',
|
||||
`action` = %d, `movetofolder` = '%s',
|
||||
`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d",
|
||||
dbesc($mail_server),
|
||||
DBA::escape($mail_server),
|
||||
intval($mail_port),
|
||||
dbesc($mail_ssl),
|
||||
dbesc($mail_user),
|
||||
DBA::escape($mail_ssl),
|
||||
DBA::escape($mail_user),
|
||||
intval($mail_action),
|
||||
dbesc($mail_movetofolder),
|
||||
dbesc($mail_replyto),
|
||||
DBA::escape($mail_movetofolder),
|
||||
DBA::escape($mail_replyto),
|
||||
intval($mail_pubmail),
|
||||
intval(local_user())
|
||||
);
|
||||
|
@ -356,7 +356,7 @@ function settings_post(App $a)
|
|||
Theme::install($theme);
|
||||
|
||||
$r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d",
|
||||
dbesc($theme),
|
||||
DBA::escape($theme),
|
||||
intval(local_user())
|
||||
);
|
||||
|
||||
|
@ -579,29 +579,29 @@ function settings_post(App $a)
|
|||
`def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d,
|
||||
`unkmail` = %d, `cntunkmail` = %d, `language` = '%s'
|
||||
WHERE `uid` = %d",
|
||||
dbesc($username),
|
||||
dbesc($email),
|
||||
dbesc($openid),
|
||||
dbesc($timezone),
|
||||
dbesc($str_contact_allow),
|
||||
dbesc($str_group_allow),
|
||||
dbesc($str_contact_deny),
|
||||
dbesc($str_group_deny),
|
||||
DBA::escape($username),
|
||||
DBA::escape($email),
|
||||
DBA::escape($openid),
|
||||
DBA::escape($timezone),
|
||||
DBA::escape($str_contact_allow),
|
||||
DBA::escape($str_group_allow),
|
||||
DBA::escape($str_contact_deny),
|
||||
DBA::escape($str_group_deny),
|
||||
intval($notify),
|
||||
intval($page_flags),
|
||||
intval($account_type),
|
||||
dbesc($defloc),
|
||||
DBA::escape($defloc),
|
||||
intval($allow_location),
|
||||
intval($maxreq),
|
||||
intval($expire),
|
||||
dbesc($openidserver),
|
||||
DBA::escape($openidserver),
|
||||
intval($def_gid),
|
||||
intval($blockwall),
|
||||
intval($hidewall),
|
||||
intval($blocktags),
|
||||
intval($unkmail),
|
||||
intval($cntunkmail),
|
||||
dbesc($language),
|
||||
DBA::escape($language),
|
||||
intval(local_user())
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -618,7 +618,7 @@ function settings_post(App $a)
|
|||
`hide-friends` = %d
|
||||
WHERE `is-default` = 1 AND `uid` = %d",
|
||||
intval($publish),
|
||||
dbesc($username),
|
||||
DBA::escape($username),
|
||||
intval($net_publish),
|
||||
intval($hide_friends),
|
||||
intval(local_user())
|
||||
|
@ -678,7 +678,7 @@ function settings_content(App $a)
|
|||
|
||||
if (($a->argc > 3) && ($a->argv[2] === 'edit')) {
|
||||
$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
|
||||
dbesc($a->argv[3]),
|
||||
DBA::escape($a->argv[3]),
|
||||
local_user());
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
|
|
@ -159,7 +159,7 @@ EOT;
|
|||
|
||||
$t = q("SELECT count(tid) as tcount FROM term WHERE oid=%d AND term='%s'",
|
||||
intval($item['id']),
|
||||
dbesc($term)
|
||||
DBA::escape($term)
|
||||
);
|
||||
|
||||
if (!$blocktags && $t[0]['tcount'] == 0) {
|
||||
|
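Review bot: `if (!$blocktags && $t[0]['tcount'] == 0)` dereferences `$t[0]` without `DBA::isResult($t)`; if the COUNT query fails and `q()` returns `false`, `$t[0]['tcount']` is `null`, `null == 0` is true, and the hashtag term is inserted regardless of whether it already exists. Guard it: `if (!$blocktags && DBA::isResult($t) && (int) $t[0]['tcount'] === 0) {`. The enclosing code starts before the hunk.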
@ -167,8 +167,8 @@ EOT;
|
|||
intval($item['id']),
|
||||
$term_objtype,
|
||||
TERM_HASHTAG,
|
||||
dbesc($term),
|
||||
dbesc(System::baseUrl() . '/search?tag=' . $term),
|
||||
DBA::escape($term),
|
||||
DBA::escape(System::baseUrl() . '/search?tag=' . $term),
|
||||
intval($owner_uid)
|
||||
);
|
||||
}
|
||||
|
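Review bot: `DBA::escape(System::baseUrl() . '/search?tag=' . $term)` stores a URL with `$term` unencoded; unless `$term` is restricted earlier, a term containing `&`, `#`, `%` or whitespace yields a broken or ambiguous query string when this stored URL is later emitted as a link — SQL escaping does not cover URL encoding. Build it as `System::baseUrl() . '/search?tag=' . urlencode($term)`. `$term_objtype` and `TERM_HASHTAG` are passed without `intval()` unlike the other numeric arguments; harmless if their placeholders are `%d`, but the statement start is above the hunk so that cannot be confirmed here.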
@ -181,7 +181,7 @@ EOT;
|
|||
);
|
||||
$t = q("SELECT COUNT(`tid`) AS `tcount` FROM `term` WHERE `oid`=%d AND `term`='%s'",
|
||||
intval($original_item['id']),
|
||||
dbesc($term)
|
||||
DBA::escape($term)
|
||||
);
|
||||
|
||||
if (DBA::isResult($x) && !$x[0]['blocktags'] && $t[0]['tcount'] == 0){
|
||||
|
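Review bot: `DBA::isResult($x) && !$x[0]['blocktags'] && $t[0]['tcount'] == 0` checks `$x` but not `$t`; when the COUNT query fails, `$t[0]['tcount']` is `null`, `null == 0` is true, and the hashtag term is inserted even if it already exists. Use `if (DBA::isResult($x) && !$x[0]['blocktags'] && DBA::isResult($t) && (int) $t[0]['tcount'] === 0) {`. The enclosing block starts above the hunk.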
@ -189,8 +189,8 @@ EOT;
|
|||
intval($original_item['id']),
|
||||
$term_objtype,
|
||||
TERM_HASHTAG,
|
||||
dbesc($term),
|
||||
dbesc(System::baseUrl() . '/search?tag=' . $term),
|
||||
DBA::escape($term),
|
||||
DBA::escape(System::baseUrl() . '/search?tag=' . $term),
|
||||
intval($owner_uid)
|
||||
);
|
||||
}
|
||||
|
|
|
@ -8,15 +8,12 @@ use Friendica\Content\Nav;
|
|||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Group;
|
||||
use Friendica\Model\Item;
|
||||
use Friendica\Model\Profile;
|
||||
use Friendica\Model\Term;
|
||||
use Friendica\Protocol\DFRN;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
|
||||
require_once 'include/items.php';
|
||||
require_once 'include/security.php';
|
||||
|
@ -37,7 +34,7 @@ function videos_init(App $a) {
|
|||
if($a->argc > 1) {
|
||||
$nick = $a->argv[1];
|
||||
$user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
|
||||
if(! count($user))
|
||||
|
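Review bot: `if(! count($user))` follows a `q()` call and will emit a warning (PHP 7.2+) or throw a TypeError (PHP 8) when `q()` returns `false` on a failed query; the other nickname lookups touched by this commit (`viewcontacts_init`, `wall_attach_post`, `salmon_post`) use `if (! DBA::isResult($r))`. Use `if (!DBA::isResult($user)) {` here as well. What follows the check is outside the hunk.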
@ -155,16 +152,16 @@ function videos_post(App $a) {
|
|||
|
||||
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `id` = '%s' LIMIT 1",
|
||||
intval(local_user()),
|
||||
dbesc($video_id)
|
||||
DBA::escape($video_id)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
q("DELETE FROM `attach` WHERE `uid` = %d AND `id` = '%s'",
|
||||
intval(local_user()),
|
||||
dbesc($video_id)
|
||||
DBA::escape($video_id)
|
||||
);
|
||||
$i = q("SELECT `id` FROM `item` WHERE `attach` like '%%attach/%s%%' AND `uid` = %d LIMIT 1",
|
||||
dbesc($video_id),
|
||||
DBA::escape($video_id),
|
||||
intval(local_user())
|
||||
);
|
||||
|
||||
|
|
|
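Review bot: `$video_id` is compared to `attach.id` as a string (`id = '%s'`) and then spliced into `LIKE '%%attach/%s%%'` via `DBA::escape()`, which escapes quotes but not the LIKE metacharacters `%` and `_`; a value such as `1%` would match every item whose attach field contains `attach/1…`. If `attach.id` is an integer key, as the `attach/<id>` reference suggests, cast once with `$video_id = intval($video_id);` and use `%d` in the two `id` comparisons, which also removes the wildcard problem since an integer carries no metacharacters. Note also that the `attach` row is deleted before the owning `item` is looked up, so a failed item lookup leaves the attachment already gone; doing the lookup first would be safer. The rest of videos_post is outside the hunk.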
@ -22,7 +22,7 @@ function viewcontacts_init(App $a)
|
|||
if ($a->argc > 1) {
|
||||
$nick = $a->argv[1];
|
||||
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
|
||||
if (! DBA::isResult($r)) {
|
||||
|
@ -63,9 +63,9 @@ function viewcontacts_content(App $a)
|
|||
AND NOT `hidden` AND NOT `archive`
|
||||
AND `network` IN ('%s', '%s', '%s')",
|
||||
intval($a->profile['uid']),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS)
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$a->set_pager_total($r[0]['total']);
|
||||
|
@ -77,9 +77,9 @@ function viewcontacts_content(App $a)
|
|||
AND `network` IN ('%s', '%s', '%s')
|
||||
ORDER BY `name` ASC LIMIT %d, %d",
|
||||
intval($a->profile['uid']),
|
||||
dbesc(NETWORK_DFRN),
|
||||
dbesc(NETWORK_DIASPORA),
|
||||
dbesc(NETWORK_OSTATUS),
|
||||
DBA::escape(NETWORK_DFRN),
|
||||
DBA::escape(NETWORK_DIASPORA),
|
||||
DBA::escape(NETWORK_OSTATUS),
|
||||
intval($a->pager['start']),
|
||||
intval($a->pager['itemspage'])
|
||||
);
|
||||
|
|
|
@ -18,7 +18,7 @@ function wall_attach_post(App $a) {
|
|||
if($a->argc > 1) {
|
||||
$nick = $a->argv[1];
|
||||
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
if (! DBA::isResult($r)) {
|
||||
if ($r_json) {
|
||||
|
@ -145,8 +145,8 @@ function wall_attach_post(App $a) {
|
|||
|
||||
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
|
||||
intval($page_owner_uid),
|
||||
dbesc($created),
|
||||
dbesc($hash)
|
||||
DBA::escape($created),
|
||||
DBA::escape($hash)
|
||||
);
|
||||
|
||||
if (! DBA::isResult($r)) {
|
||||
|
|
|
@ -30,7 +30,7 @@ function wall_upload_post(App $a, $desktopmode = true)
|
|||
INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
|
||||
WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
|
||||
AND `contact`.`self` = 1 LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
|
@ -46,7 +46,7 @@ function wall_upload_post(App $a, $desktopmode = true)
|
|||
INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
|
||||
WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
|
||||
AND `contact`.`self` = 1 LIMIT 1",
|
||||
dbesc($user_info['screen_name'])
|
||||
DBA::escape($user_info['screen_name'])
|
||||
);
|
||||
}
|
||||
} else {
|
||||
|
|
|
@ -26,7 +26,7 @@ function wallmessage_post(App $a) {
|
|||
}
|
||||
|
||||
$r = q("select * from user where nickname = '%s' limit 1",
|
||||
dbesc($recipient)
|
||||
DBA::escape($recipient)
|
||||
);
|
||||
|
||||
if (! DBA::isResult($r)) {
|
||||
|
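Review bot: `select * from user where nickname = '%s' limit 1` has no `blocked`, `account_expired` or `account_removed` filter, unlike the nickname lookups in `videos_init`, `viewcontacts_init`, `wall_attach_post` and `salmon_post` in this same commit, so a wall message can be addressed to a blocked or expired account if the intent here matches those modules. `SELECT *` also pulls the full user row, password hash and keys included, when only a few columns are needed. Suggest `SELECT uid, nickname, …(the columns actually used) FROM user WHERE nickname = '%s' AND blocked = 0 AND account_expired = 0 AND account_removed = 0 LIMIT 1`. The use of `$r` continues outside the hunk.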
@ -88,7 +88,7 @@ function wallmessage_content(App $a) {
|
|||
}
|
||||
|
||||
$r = q("select * from user where nickname = '%s' limit 1",
|
||||
dbesc($recipient)
|
||||
DBA::escape($recipient)
|
||||
);
|
||||
|
||||
if (! DBA::isResult($r)) {
|
||||
|
|